Cybercrime revenues hit $1.5 trillion a year

The company behind those findings, Bromium, has now released more details from its research, which exposes a huge cybercrime-based economy and the professionalization of cybercrime.

Complete findings will be presented today at the RSA Conference in San Francisco by researcher Dr Michael McGuire, senior lecturer in criminology at the University of Surrey in England.

The report estimates cyber criminal revenues worldwide of at least $1.5 trillion -- equal to the GDP of Russia. In fact, if cybercrime was a country it would have the 13th highest GDP in the world. This $1.5 trillion figure includes: $860 billion from illicit/illegal online markets, $500 billion from the theft of trade secrets and intellectual property, $160 billion from data trading, $1.6 billion from Crimeware-as-a-Service and $1 billion from ransomware.

The crime economy has become a self-sustaining system -- an interconnected web of profit that blurs the lines between the legitimate and illegitimate. The report points to the emergence of platform criminality, mirroring the platform capitalism model used by companies like Uber and Amazon, where data is the commodity. It also raises concerns about new criminality models that these platforms enable, which fund broader criminal activities such as human trafficking, drug production and distribution, and even terrorism.

"The findings of Dr. McGuire's research provide shocking insight into just how widespread and profitable cybercrime has become," says Gregory Webb, CEO of Bromium. "The platform criminality model is productizing malware and making cybercrime as easy as shopping online. Not only is it easy to access cyber criminal tools, services and expertise: it means enterprises and governments alike are going to see more sophisticated, costly and disruptive attacks as The Web of Profit continues to gain momentum. We can't solve this problem using old thinking or outmoded technology. It's time for new approaches."

As in the legitimate economy, criminal enterprises are also going through digital transformation and are diversifying into new areas of crime. They are found to be reinvesting 20 percent of their revenues into further crime, which suggests up to $300 billion is being used to fund future cybercrime and other serious types of criminal activty.

"We can clearly link cybercrime to the spread of new psychoactive substances with over 620 new synthetic drug types on the market since 2005," adds Dr McGuire. "Many substances of this kind are manufactured in China or India, purchased via online markets, then shipped in bulk to Europe. But there is also evidence that groups who acquire revenues from cybercrime are involved in the active production of drugs."